<?php
	include_once("connect.php");
	mysql_select_db("progin_171_13509047",$con);
	
	$uname = $_POST["uname"];
	$pass = $_POST["pass"];
	
	$uname = mysql_real_escape_string($uname);
	$pass = mysql_real_escape_string($pass);
	
	$query = "SELECT * from user WHERE username = '$uname' AND password = md5('$pass');";
	$ret = mysql_query($query) or die(mysql_error());
	
	if(!$ret) {
		$msg = "Invalid query " . mysql_error() . "\n";
		$msg .= "Whole query " . $query;
		die($msg);
	}
	
	while($row = mysql_fetch_array($ret)) {
		global $userid, $full_name, $email, $gender, $birth, $avatar, $about_me, $post_count, $comment_count;
		$userid = $row["ID"];
		$full_name = $row["full_name"];
		$email = $row["email"];
		$gender = $row["gender"];
		$birth = $row["birth"];
		$avatar = $row["avatar"];
		$about_me = $row["about_me"];
		$post_count = $row["post_count"];
		$comment_count = $row["comment_count"];
	}
  
	$cnt = mysql_num_rows($ret);
	if($cnt == 1) {
		session_start();
		$_SESSION["userid"] = $userid;
		$_SESSION["uname"] = $uname;
		$_SESSION["full_name"] = $full_name;
		$_SESSION["email"] = $email;
		$_SESSION["gender"] = $gender;
		$_SESSION["birth"] = $birth;
		$_SESSION["avatar"] = $avatar;
		$_SESSION["about_me"] = $about_me;
		$_SESSION["post_count"] = $post_count;
		$_SESSION["comment_count"] = $comment_count;
		echo "".$userid;
	} else {
		echo "no";
	}
	
	include_once("close_con.php");
?>